more than one main upstream tarballs listed.
There are 2 open security issues in trixie.
There are 2 open security issues in sid.
There are 3 open security issues in bullseye.
There are 2 open security issues in bookworm.
There is 1 open security issue in buster.
commit b565f6b1263ab2a29bf3d8768e5859d8bb2ed66f
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 16:03:30 2025 +0100
allow building with dash as sh
Without this fix, the "make test" step of a build fails with
/bin/sh: 10: Syntax error: "(" unexpected
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Change-Id: Icf000c0fe10949d8d0dd45b8502f250f13e5b261
commit 11f41f96c9051af92a12816cba7fa502765c9eed
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:49:51 2025 +0100
new upstream release candidate
Happy new year!
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Change-Id: I8e71fafe092bd8b1364912d430ee0ef10ae2b692
commit bb56385dd3a9982114aa79bf7021fd506c06e049
Merge: 60af4bf618 2de766588e
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:48:16 2025 +0100
Merge branch 'debian-sid' into debian-experimental
* debian-sid:
debian: remove git-daemon-run and git-daemon-sysvinit packages
debian: incorporate zeha's NMUs into changelog
debian: new upstream release
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Change-Id: I207afcdee6a6312f17241838f8a7c29678bc26c5
commit 60af4bf61800b1bc97b0332e0cffe7587314044a
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:44:14 2025 +0100
debian: new "next" snapshot
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Change-Id: I09a3c2518e984a9f719db7fabe06244aeeab5c06
commit 30be56ea8c17dd94539a92b557d09d72d386af17
Merge: cd4f5e4e27 b6b6757d77
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:38:53 2025 +0100
Merge branch 'next' of https://kernel.googlesource.com/pub/scm/git/git into debian-experimental
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Change-Id: Ied78974088b5c06982dfe57ae636440388a08763
commit 2de766588e426141d514434c1512fb779cda1494
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:34:33 2025 +0100
debian: remove git-daemon-run and git-daemon-sysvinit packages
Nowadays something using a safer protocol like https or ssh (for
example, gitolite) is almost always a better choice anyway.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
commit 1b4b6df210cab60d2a91e06d8c71a5c118b8607d
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:23:22 2025 +0100
debian: incorporate zeha's NMUs into changelog
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
commit a35bb5aea53fae3be55f7f8c914d3f5a71d98342
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:21:32 2025 +0100
debian: new upstream release
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
commit fd06727db41d1f527c9db166c266bae67f37752c
Merge: d7922e98fa 92999a42db
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Thu Jan 2 13:11:05 2025 +0100
Merge tag 'v2.47.1' into debian-sid
Git 2.47.1
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
commit b6b6757d77288d542bbb20ed40ec5a0aabfedb71
Merge: e01db872e4 d062ccf4c3
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:23:34 2025 -0800
Sync with 'master'
commit e01db872e420197aa9a61f1130d27ebf0594d9eb
Merge: 41c78cf690 6a0ee54f9a
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:23:09 2025 -0800
Merge branch 'ps/meson-weak-sha1-build' into next
meson-based build now supports the unsafe-sha1 build knob.
* ps/meson-weak-sha1-build:
meson: provide a summary of configured backends
meson: wire up unsafe SHA1 backend
meson: add missing dots for build options
meson: simplify conditions for HTTPS and SHA1 dependencies
meson: require SecurityFramework when it's used as SHA1 backend
meson: deduplicate access to SHA1/SHA256 backend options
meson: consistenlty spell 'CommonCrypto'
commit 41c78cf69092b6975ed9512a7c42575c7a2dfcc8
Merge: 8677dc54d2 24027256aa
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:23:07 2025 -0800
Merge branch 'ps/more-sign-compare' into next
More -Wsign-compare fixes.
* ps/more-sign-compare:
sign-compare: avoid comparing ptrdiff with an int/unsigned
commit-reach: use `size_t` to track indices when computing merge bases
shallow: fix -Wsign-compare warnings
builtin/log: fix remaining -Wsign-compare warnings
builtin/log: use `size_t` to track indices
commit-reach: use `size_t` to track indices in `get_reachable_subset()`
commit-reach: use `size_t` to track indices in `remove_redundant()`
commit-reach: fix type of `min_commit_date`
commit-reach: fix index used to loop through unsigned integer
prio-queue: fix type of `insertion_ctr`
commit d062ccf4c3af1e5153ed5064d4d05b05e0fdd4d5
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:20:53 2025 -0800
A bit more post Git 2.48-rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit d893741e025a3408c7616a35db91b819327c078f
Merge: 98422943f0 7a8d9efc26
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:21:15 2025 -0800
Merge branch 'jk/lsan-race-with-barrier'
CI jobs that run threaded programs under LSan has been giving false
positives from time to time, which has been worked around.
* jk/lsan-race-with-barrier:
grep: work around LSan threading race with barrier
index-pack: work around LSan threading race with barrier
thread-utils: introduce optional barrier type
Revert "index-pack: spawn threads atomically"
test-lib: use individual lsan dir for --stress runs
commit 98422943f013b56352dd1a2f8823368b27267e57
Merge: 73e35b172a 599a63409b
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:21:14 2025 -0800
Merge branch 'ps/weak-sha1-for-tail-sum-fix'
An earlier "csum-file checksum does not have to be computed with
sha1dc" topic had a few code paths that had initialized an
implementation of a hash function to be used by an unmatching hash
by mistake, which have been corrected.
* ps/weak-sha1-for-tail-sum-fix:
ci: exercise unsafe OpenSSL backend
builtin/fast-import: fix segfault with unsafe SHA1 backend
bulk-checkin: fix segfault with unsafe SHA1 backend
commit 73e35b172a74cfab8f1db450113f2bf826b40b60
Merge: bc2c65770d 1e78120928
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Jan 1 09:21:13 2025 -0800
Merge branch 'rs/reftable-realloc-errors'
The custom allocator code in the reftable library did not handle
failing realloc() very well, which has been addressed.
* rs/reftable-realloc-errors:
t-reftable-merged: handle realloc errors
reftable: handle realloc error in parse_names()
reftable: fix allocation count on realloc error
reftable: avoid leaks on realloc error
commit 8677dc54d23642379db0014f8fa76565a086b1d5
Merge: 3fc0e14928 bc2c65770d
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 08:31:01 2024 -0800
Sync with Git 2.48-rc1
commit 3fc0e14928d60d588efd1fcc0edb202e4c0023b3
Merge: e083ea3154 7a8d9efc26
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 08:30:45 2024 -0800
Merge branch 'jk/lsan-race-with-barrier' into next
* jk/lsan-race-with-barrier:
grep: work around LSan threading race with barrier
index-pack: work around LSan threading race with barrier
thread-utils: introduce optional barrier type
Revert "index-pack: spawn threads atomically"
test-lib: use individual lsan dir for --stress runs
commit e083ea31547c4f126b39ba1c140cee7c4122ffa7
Merge: c24783e99d 0ad3d65652
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 08:30:43 2024 -0800
Merge branch 'ps/object-collision-check' into next
* ps/object-collision-check:
object-file: fix race in object collision check
commit c24783e99dcae41be907bb765432e6c0e10288b4
Merge: 900c79808f 599a63409b
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 08:30:41 2024 -0800
Merge branch 'ps/weak-sha1-for-tail-sum-fix' into next
* ps/weak-sha1-for-tail-sum-fix:
ci: exercise unsafe OpenSSL backend
builtin/fast-import: fix segfault with unsafe SHA1 backend
bulk-checkin: fix segfault with unsafe SHA1 backend
commit 900c79808fbd0ccd17e0aaa37c1f93f60af13aa6
Merge: ebc9625a4c 5b34dd08d0
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 08:30:40 2024 -0800
Merge branch 'as/long-option-help-i18n' into next
Tweak the help text used for the option value placeholders by
parse-options API so that translations can customize the "<>"
placeholder signal (e.g. "--option=<value>").
* as/long-option-help-i18n:
parse-options: localize mark-up of placeholder text in the short help
commit ebc9625a4c005c126f025455d3404d00e13d7faf
Merge: 090c455a1d 1e78120928
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 08:30:39 2024 -0800
Merge branch 'rs/reftable-realloc-errors' into next
The custom allocator code in the reftable library did not handle
failing realloc() very well, which has been addressed.
* rs/reftable-realloc-errors:
t-reftable-merged: handle realloc errors
reftable: handle realloc error in parse_names()
reftable: fix allocation count on realloc error
reftable: avoid leaks on realloc error
commit 5b34dd08d0ffc967b92abe187cc890d52ade5ac7
Author: Alexander Shopov <ash@kambanaria.org>
Date: Sat Dec 28 12:42:18 2024 +0100
parse-options: localize mark-up of placeholder text in the short help
i18n: expose substitution hint chars in functions and macros to
translators
For example (based on builtin/commit.c and shortened): the "--author"
option takes a name. In source this can be represented as:
OPT_STRING(0, "author", &force_author, N_("author"), N_("override author")),
When the command is run with "-h" (short help) option (git commit -h),
the above definition is displayed as:
--[no-]author <author> override author
Git does not use translated option names so the first part of the
above, "--[no-]author", is given as-is (it is based on the 2nd
argument of OPT_STRING). However the string "author" in the pair of
"<>", and the explanation "override author for commit" may be
translated into user's language.
The user's language may use a convention to mark a replaceable part of
the command line (called a "placeholder string") differently from
enclosing it inside a pair of "<>", but the implementation in
parse-options.c hardcodes "<%s>".
Allow translators to specify the presentation of a placeholder string
for their languages by overriding the "<%s>".
In case the translator's writing system is sufficiently different than
Latin the "<>" characters can be substituted by an empty string thus
effectively skipping them in the output. For example languages with
uppercase versions of characters can use that to deliniate
replaceability.
Alternatively a translator can decide to use characters that are
visually close to "<>" but are not interpreted by the shell.
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 6a0ee54f9a3ebf667e86f7110c36b2240df96166
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:10 2024 +0100
meson: provide a summary of configured backends
There are a couple of backends from which the user can choose for HTTPS,
SHA1, its unsafe variant as well as SHA256. Provide a summary of the
configured values to make these more discoverable.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit d2c0b6a86cb0f1a73d9ad5fcffda45497cd7ad42
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:09 2024 +0100
meson: wire up unsafe SHA1 backend
In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), we have introduced a cryptographically-insecure
backend for SHA1 that can optionally be used in some contexts where the
processed data is not security relevant. This effort was in-flight with
the effort to introduce Meson, so we don't have an equivalent here.
Wire up a new build option that lets users pick an unsafe SHA1 backend.
Note that for simplicity's sake we have to drop the error condition
around an unhandled SHA1 backend. This should be fine though given that
Meson verifies the value for combo-options for us.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 12068bd4de03c7769f50cd8321f792477692d0ea
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:08 2024 +0100
meson: add missing dots for build options
Most of our Meson build options end with a trailing dot, but those for
our SHA1 and SHA256 backends don't. Add it.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 6d8aa2aec81abf4935c72745790bc5f9bf7541b9
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:07 2024 +0100
meson: simplify conditions for HTTPS and SHA1 dependencies
The conditions used to figure out whteher the Security framework or
OpenSSL library is required are a bit convoluted because they can be
pulled in via the HTTPS, SHA1 or SHA256 backends. Refactor them to be
easier to read.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit d6787d975147a74f1560fffc09dcb2a1f92460bb
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:06 2024 +0100
meson: require SecurityFramework when it's used as SHA1 backend
The Security framework is required when we use CommonCrypto either as
HTTPS or SHA1 backend, but we only require it in case it is set up as
HTTPS backend. Fix this.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 31eb6d7cf09c3fa668c1839d8c5759ab7cdf280c
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:05 2024 +0100
meson: deduplicate access to SHA1/SHA256 backend options
We've got a couple of repeated calls to `get_option()` for the SHA1 and
SHA256 backend options. While not an issue, it makes the code needlessly
verbose.
Fix this by consistently using a local variable.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 8214e27d275915079ddf7c294c379515e34e8efb
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:04 2024 +0100
meson: consistenlty spell 'CommonCrypto'
The 'CommonCrypto' backend can be specified as HTTPS and SHA1 backends,
but the value that one needs to use is inconsistent across those two
build options. Unify it to 'CommonCrypto'.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit cade724b527d753def6b2cd169df62ef03bdbfe2
Merge: 306ab352f4 599a63409b
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 30 06:50:28 2024 -0800
Merge branch 'ps/weak-sha1-for-tail-sum-fix' into ps/meson-weak-sha1-build
* ps/weak-sha1-for-tail-sum-fix:
ci: exercise unsafe OpenSSL backend
builtin/fast-import: fix segfault with unsafe SHA1 backend
bulk-checkin: fix segfault with unsafe SHA1 backend
commit 599a63409bed67d61c359d316da5a10bcddc954b
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:03 2024 +0100
ci: exercise unsafe OpenSSL backend
In the preceding commit we have fixed a segfault when using an unsafe
SHA1 backend that is different from the safe one. This segfault only
went by unnoticed because we never set up an unsafe backend in our CI
systems. Fix this ommission by setting `OPENSSL_SHA1_UNSAFE` in our
TEST-vars job.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 106140a99fbdb7acf19723473621e0ccaa03c158
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:02 2024 +0100
builtin/fast-import: fix segfault with unsafe SHA1 backend
Same as with the preceding commit, git-fast-import(1) is using the safe
variant to initialize a hashfile checkpoint. This leads to a segfault
when passing the checkpoint into the hashfile subsystem because it would
use the unsafe variants instead:
++ git --git-dir=R/.git fast-import --big-file-threshold=1
AddressSanitizer:DEADLYSIGNAL
=================================================================
==577126==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x7ffff7a01a99 bp 0x5070000009c0 sp 0x7fffffff5b30 T0)
==577126==The signal is caused by a READ memory access.
==577126==Hint: address points to the zero page.
#0 0x7ffff7a01a99 in EVP_MD_CTX_copy_ex (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4)
#1 0x555555ddde56 in openssl_SHA1_Clone ../sha1/openssl.h:40:2
#2 0x555555dce2fc in git_hash_sha1_clone_unsafe ../object-file.c:123:2
#3 0x555555c2d5f8 in hashfile_checkpoint ../csum-file.c:211:2
#4 0x5555559647d1 in stream_blob ../builtin/fast-import.c:1110:2
#5 0x55555596247b in parse_and_store_blob ../builtin/fast-import.c:2031:3
#6 0x555555967f91 in file_change_m ../builtin/fast-import.c:2408:5
#7 0x55555595d8a2 in parse_new_commit ../builtin/fast-import.c:2768:4
#8 0x55555595bb7a in cmd_fast_import ../builtin/fast-import.c:3614:4
#9 0x555555b1f493 in run_builtin ../git.c:480:11
#10 0x555555b1bfef in handle_builtin ../git.c:740:9
#11 0x555555b1e6f4 in run_argv ../git.c:807:4
#12 0x555555b1b87a in cmd_main ../git.c:947:19
#13 0x5555561649e6 in main ../common-main.c:64:11
#14 0x7ffff742a1fb in __libc_start_call_main (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4)
#15 0x7ffff742a2b8 in __libc_start_main@GLIBC_2.2.5 (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4)
#16 0x555555772c84 in _start (git+0x21ec84)
==577126==Register values:
rax = 0x0000511000000cc0 rbx = 0x0000000000000000 rcx = 0x000000000000000c rdx = 0x0000000000000000
rdi = 0x0000000000000000 rsi = 0x00005070000009c0 rbp = 0x00005070000009c0 rsp = 0x00007fffffff5b30
r8 = 0x0000000000000000 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffff7a01a30
r12 = 0x0000000000000000 r13 = 0x00007fffffff6b60 r14 = 0x00007ffff7ffd000 r15 = 0x00005555563b9910
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4) in EVP_MD_CTX_copy_ex
==577126==ABORTING
./test-lib.sh: line 1039: 577126 Aborted git --git-dir=R/.git fast-import --big-file-threshold=1 < input
error: last command exited with $?=134
not ok 167 - R: blob bigger than threshold
The segfault is only exposed in case the unsafe and safe backends are
different from one another.
Fix the issue by initializing the context with the unsafe SHA1 variant.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 9218c0bfe1baef0a67688b8a0189121d7d834926
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 15:24:01 2024 +0100
bulk-checkin: fix segfault with unsafe SHA1 backend
In 1b9e9be8b4 (csum-file.c: use unsafe SHA-1 implementation when
available, 2024-09-26) we have converted our `struct hashfile` to use
the unsafe SHA1 backend, which results in a significant speedup. One
needs to be careful with how to use that structure now though because
callers need to consistently use either the safe or unsafe variants of
SHA1, as otherwise one can easily trigger corruption.
As it turns out, we have one inconsistent usage in our tree because we
directly initialize `struct hashfile_checkpoint::ctx` with the safe
variant of SHA1, but end up writing to that context with the unsafe
ones. This went unnoticed so far because our CI systems do not exercise
different hash functions for these two backends, and consequently safe
and unsafe variants are equivalent. But when using SHA1DC as safe and
OpenSSL as unsafe backend this leads to a crash an t1050:
++ git -c core.compression=0 add large1
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1367==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x7ffff7a01a99 bp 0x507000000db0 sp 0x7fffffff5690 T0)
==1367==The signal is caused by a READ memory access.
==1367==Hint: address points to the zero page.
#0 0x7ffff7a01a99 in EVP_MD_CTX_copy_ex (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4)
#1 0x555555ddde56 in openssl_SHA1_Clone ../sha1/openssl.h:40:2
#2 0x555555dce2fc in git_hash_sha1_clone_unsafe ../object-file.c:123:2
#3 0x555555c2d5f8 in hashfile_checkpoint ../csum-file.c:211:2
#4 0x555555b9905d in deflate_blob_to_pack ../bulk-checkin.c:286:4
#5 0x555555b98ae9 in index_blob_bulk_checkin ../bulk-checkin.c:362:15
#6 0x555555ddab62 in index_blob_stream ../object-file.c:2756:9
#7 0x555555dda420 in index_fd ../object-file.c:2778:9
#8 0x555555ddad76 in index_path ../object-file.c:2796:7
#9 0x555555e947f3 in add_to_index ../read-cache.c:771:7
#10 0x555555e954a4 in add_file_to_index ../read-cache.c:804:9
#11 0x5555558b5c39 in add_files ../builtin/add.c:355:7
#12 0x5555558b412e in cmd_add ../builtin/add.c:578:18
#13 0x555555b1f493 in run_builtin ../git.c:480:11
#14 0x555555b1bfef in handle_builtin ../git.c:740:9
#15 0x555555b1e6f4 in run_argv ../git.c:807:4
#16 0x555555b1b87a in cmd_main ../git.c:947:19
#17 0x5555561649e6 in main ../common-main.c:64:11
#18 0x7ffff742a1fb in __libc_start_call_main (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4)
#19 0x7ffff742a2b8 in __libc_start_main@GLIBC_2.2.5 (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4)
#20 0x555555772c84 in _start (git+0x21ec84)
==1367==Register values:
rax = 0x0000511000001080 rbx = 0x0000000000000000 rcx = 0x000000000000000c rdx = 0x0000000000000000
rdi = 0x0000000000000000 rsi = 0x0000507000000db0 rbp = 0x0000507000000db0 rsp = 0x00007fffffff5690
r8 = 0x0000000000000000 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffff7a01a30
r12 = 0x0000000000000000 r13 = 0x00007fffffff6b38 r14 = 0x00007ffff7ffd000 r15 = 0x00005555563b9910
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4) in EVP_MD_CTX_copy_ex
==1367==ABORTING
./test-lib.sh: line 1023: 1367 Aborted git $config add large1
error: last command exited with $?=134
not ok 4 - add with -c core.compression=0
Fix the issue by using the unsafe variant instead.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 0ad3d656521aa16a6496aa855bbde97160a2b2bc
Author: Patrick Steinhardt <ps@pks.im>
Date: Mon Dec 30 11:32:23 2024 +0100
object-file: fix race in object collision check
One of the tests in t5616 asserts that git-fetch(1) with `--refetch`
triggers repository maintenance with the correct set of arguments. This
test is flaky and causes us to fail sometimes:
++ git -c protocol.version=0 -c gc.autoPackLimit=0 -c maintenance.incremental-repack.auto=1234 -C pc1 fetch --refetch origin
error: unable to open .git/objects/pack/pack-029d08823bd8a8eab510ad6ac75c823cfd3ed31e.pack: No such file or directory
fatal: unable to rename temporary file to '.git/objects/pack/pack-029d08823bd8a8eab510ad6ac75c823cfd3ed31e.pack'
fatal: could not finish pack-objects to repack local links
fatal: index-pack failed
error: last command exited with $?=128
The error message is quite confusing as it talks about trying to rename
a temporary packfile. A first hunch would thus be that this packfile
gets written by git-fetch(1), but removed by git-maintenance(1) while it
hasn't yet been finalized, which shouldn't ever happen. And indeed, when
looking closer one notices that the file that is supposedly of temporary
nature does not have the typical `tmp_pack_` prefix.
As it turns out, the "unable to rename temporary file" fatal error is a
red herring and the real error is "unable to open". That error is raised
by `check_collision()`, which is called by `finalize_object_file()` when
moving the new packfile into place. Because t5616 re-fetches objects, we
end up with the exact same pack as we already have in the repository. So
when the concurrent git-maintenance(1) process rewrites the preexisting
pack and unlinks it exactly at the point in time where git-fetch(1)
wants to check the old and new packfiles for equality we will see ENOENT
and thus `check_collision()` returns an error, which gets bubbled up by
`finalize_object_file()` and is then handled by `rename_tmp_packfile()`.
That function does not know about the exact root cause of the error and
instead just claims that the rename has failed.
This race is thus caused by b1b8dfde69 (finalize_object_file():
implement collision check, 2024-09-26), where we have newly introduced
the collision check.
By definition, two files cannot collide with each other when one of them
has been removed. We can thus trivially fix the issue by ignoring ENOENT
when opening either of the files we're about to check for collision.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 7a8d9efc26f194eb20114d1f639ec9fa48d70bff
Author: Jeff King <peff@peff.net>
Date: Sun Dec 29 23:30:26 2024 -0500
grep: work around LSan threading race with barrier
There's a race with LSan when spawning threads and one of the threads
calls die(). We worked around one such problem with index-pack in the
previous commit, but it exists in git-grep, too. You can see it with:
make SANITIZE=leak THREAD_BARRIER_PTHREAD=YesOnLinux
cd t
./t0003-attributes.sh --stress
which fails pretty quickly with:
==git==4096424==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7f906de14556 in realloc ../../../../src/libsanitizer/lsan/lsan_interceptors.cpp:98
#1 0x7f906dc9d2c1 in __pthread_getattr_np nptl/pthread_getattr_np.c:180
#2 0x7f906de2500d in __sanitizer::GetThreadStackTopAndBottom(bool, unsigned long*, unsigned long*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cpp:150
#3 0x7f906de25187 in __sanitizer::GetThreadStackAndTls(bool, unsigned long*, unsigned long*, unsigned long*, unsigned long*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cpp:614
#4 0x7f906de17d18 in __lsan::ThreadStart(unsigned int, unsigned long long, __sanitizer::ThreadType) ../../../../src/libsanitizer/lsan/lsan_posix.cpp:53
#5 0x7f906de143a9 in ThreadStartFunc<false> ../../../../src/libsanitizer/lsan/lsan_interceptors.cpp:431
#6 0x7f906dc9bf51 in start_thread nptl/pthread_create.c:447
#7 0x7f906dd1a677 in __clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
As with the previous commit, we can fix this by inserting a barrier that
makes sure all threads have finished their setup before continuing. But
there's one twist in this case: the thread which calls die() is not one
of the worker threads, but the main thread itself!
So we need the main thread to wait in the barrier, too, until all
threads have gotten to it. And thus we initialize the barrier for
num_threads+1, to account for all of the worker threads plus the main
one.
If we then test as above, t0003 should run indefinitely.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 526c0a851b14d1bbec4b8d31a23d93ca0eb82637
Author: Jeff King <peff@peff.net>
Date: Sun Dec 29 23:29:38 2024 -0500
index-pack: work around LSan threading race with barrier
We sometimes get false positives from our linux-leaks CI job because of
a race in LSan itself. The problem is that one thread is still
initializing its stack in LSan's code (and allocating memory to do so)
while anothe thread calls die(), taking down the whole process and
triggering a leak check.
The problem is described in more detail in 993d38a066 (index-pack: spawn
threads atomically, 2024-01-05), which tried to fix it by pausing worker
threads until all calls to pthread_create() had completed. But that's
not enough to fix the problem, because the LSan setup code runs in the
threads themselves. So even though pthread_create() has returned, we
have no idea if all threads actually finished their setup before letting
any of them do real work.
We can fix that by using a barrier inside the threads themselves,
waiting for all of them to hit the start of their main function before
any of them proceed.
You can test for the race by running:
make SANITIZE=leak THREAD_BARRIER_PTHREAD=YesOnLinux
cd t
./t5309-pack-delta-cycles.sh --stress
which fails quickly before this patch, and should run indefinitely
without it.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 7d0037b59ae0d22a2718c28d8e70e3ef3f3f991e
Author: Jeff King <peff@peff.net>
Date: Sun Dec 29 23:28:30 2024 -0500
thread-utils: introduce optional barrier type
One thread primitive we don't yet support is a barrier: it waits for all
threads to reach a synchronization point before letting any of them
continue. This would be useful for avoiding the LSan race we see in
index-pack (and other places) by having all threads complete their
initialization before any of them start to do real work.
POSIX introduced a pthread_barrier_t in 2004, which does what we want.
But if we want to rely on it:
1. Our Windows pthread emulation would need a new set of wrapper
functions. There's a Synchronization Barrier primitive there, which
was introduced in Windows 8 (which is old enough for us to depend
on).
2. macOS (and possibly other systems) has pthreads but not
pthread_barrier_t. So there we'd have to implement our own barrier
based on the mutex and cond primitives.
Those are do-able, but since we only care about avoiding races in our
LSan builds, there's an easier way: make it a noop on systems without a
native pthread barrier.
This patch introduces a "maybe_thread_barrier" API. The clunky name
(rather than just using pthread_barrier directly) should hopefully clue
people in that on some systems it will do nothing. It's wired to a
Makefile knob which has to be triggered manually, and we enable it for
the linux-leaks CI jobs (since we know we'll have it there).
There are some other possible options:
- we could turn it on all the time for Linux systems based on uname.
But we really only care about it for LSan builds, and there is no
need to add extra code to regular builds.
- we could turn it on only for LSan builds. But that would break
builds on non-Linux platforms (like macOS) that otherwise should
support sanitizers.
- we could trigger only on the combination of Linux and LSan together.
This isn't too hard to do, but the uname check isn't completely
accurate. It is really about what your libc supports, and non-glibc
systems might not have it (though at least musl seems to).
So we'd risk breaking builds on those systems, which would need to
add a new knob. Though the upside would be that running local "make
SANITIZE=leak test" would be protected automatically.
And of course none of this protects LSan runs from races on systems
without pthread barriers. It's probably OK in practice to protect only
our CI jobs, though. The race is rare-ish and most leak-checking happens
through CI.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit ca9d60f2460c296b32b3da97eb953bbc4d292197
Author: Jeff King <peff@peff.net>
Date: Sun Dec 29 23:26:10 2024 -0500
Revert "index-pack: spawn threads atomically"
This reverts commit 993d38a0669a8056d496797516e743e26b6b8b54.
That commit was trying to solve a race between LSan setting up the
threads stack and another thread calling exit(), by making sure that all
pthread_create() calls have finished before doing any work that might
trigger the exit().
But that isn't sufficient. The setup code actually runs in the
individual threads themselves, not in the spawning thread's call to
pthread_create(). So while it may have improved the race a bit, you can
still trigger it pretty quickly with:
make SANITIZE=leak
cd t
./t5309-pack-delta-cycles.sh --stress
Let's back out that failed attempt so we can try again.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit d601aee6056a0afc6df7f77e15cdc155ff402dee
Author: Jeff King <peff@peff.net>
Date: Sun Dec 29 23:24:01 2024 -0500
test-lib: use individual lsan dir for --stress runs
When storing output in test-results/, we usually give each numbered run
in a --stress set its own output file. But we don't do that for storing
LSan logs, so something like:
./t0003-attributes.sh --stress
will have many scripts simultaneously creating, writing to, and deleting
the test-results/t0003-attributes.leak directory. This can cause logs
from one run to be attributed to another, spurious failures when
creation and deletion race, and so on.
This has always been broken, but nobody noticed because it's rare to do
a --stress run with LSan (since the point is for the code to run quickly
many times in order to hit races). But if you're trying to find a race
in the leak sanitizing code, it makes sense to use these together.
We can fix it by using $TEST_RESULTS_BASE, which already incorporates
the stress job suffix.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 090c455a1db7ab808fbbf172d104e871bf8cdf1c
Merge: bfe548d87e 306ab352f4
Author: Junio C Hamano <gitster@pobox.com>
Date: Sat Dec 28 12:45:19 2024 -0800
Sync with master
commit bfe548d87ed7786f06c2d9519f69c38ed47176e6
Merge: b08a0c8e23 df2faf1a65
Author: Junio C Hamano <gitster@pobox.com>
Date: Sat Dec 28 10:53:58 2024 -0800
Sync with 'master'
commit b08a0c8e23af8c65bb9c83f4247785d23c2f8379
Merge: 39938f41fd cef3d4a89f
Author: Junio C Hamano <gitster@pobox.com>
Date: Sat Dec 28 10:53:54 2024 -0800
Merge branch 'ms/t7611-test-path-is-file' into next
Test modernization.
* ms/t7611-test-path-is-file:
t7611: replace test -f with test_path_is* helpers
commit 39938f41fd287e29636771dae20db5c4af59e042
Merge: b6c66824c1 d963ac98ec
Author: Junio C Hamano <gitster@pobox.com>
Date: Sat Dec 28 10:53:53 2024 -0800
Merge branch 'ps/meson-test-wo-gitweb' into next
meson-based build without GitWeb failed the self tests.
* ps/meson-test-wo-gitweb:
meson: enable auto-discovered "gitweb"
GIT-BUILD-OPTIONS: wire up NO_GITWEB option
GIT-BUILD-OPTIONS: sort variables alphabetically
commit 1e781209284eb5952e153339f45bf0c1555e78bb
Author: René Scharfe <l.s.r@web.de>
Date: Sat Dec 28 10:49:38 2024 +0100
t-reftable-merged: handle realloc errors
Check reallocation errors in unit tests, like everywhere else.
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit e4981ed1e72d3f25da901b9415d2c4805bed0dbc
Author: René Scharfe <l.s.r@web.de>
Date: Sat Dec 28 10:48:50 2024 +0100
reftable: handle realloc error in parse_names()
Check the final reallocation for adding the terminating NULL and handle
it just like those in the loop. Simply use REFTABLE_ALLOC_GROW instead
of keeping the REFTABLE_REALLOC_ARRAY call and adding code to preserve
the original pointer value around it.
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 2cca185e85171c462166839cfd6ee57c09573160
Author: René Scharfe <l.s.r@web.de>
Date: Sat Dec 28 10:48:00 2024 +0100
reftable: fix allocation count on realloc error
When realloc(3) fails, it returns NULL and keeps the original allocation
intact. REFTABLE_ALLOC_GROW overwrites both the original pointer and
the allocation count variable in that case, simultaneously leaking the
original allocation and misrepresenting the number of storable items.
parse_names() avoids the leak by keeping the original pointer if
reallocation fails, but still increase the allocation count in such a
case as if it succeeded. That's OK, because the error handling code
just frees everything and doesn't look at names_cap anymore.
reftable_buf_add() does the same, but here it is a problem as it leaves
the reftable_buf in a broken state, with ->alloc being roughly twice as
big as the actually allocated memory, allowing out-of-bounds writes in
subsequent calls.
Reimplement REFTABLE_ALLOC_GROW to avoid leaks, keep allocation counts
in sync and still signal failures to callers while avoiding code
duplication in callers. Make it an expression that evaluates to 0 if no
reallocation is needed or it succeeded and 1 on failure while keeping
the original pointer and allocation counter values.
Adjust REFTABLE_ALLOC_GROW_OR_NULL to the new calling convention for
REFTABLE_ALLOC_GROW, but keep its support for non-size_t alloc variables
for now.
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 8db127d43f5b0eff254a851f9c966b7b85d91992
Author: René Scharfe <l.s.r@web.de>
Date: Sat Dec 28 10:47:05 2024 +0100
reftable: avoid leaks on realloc error
When realloc(3) fails, it returns NULL and keeps the original allocation
intact. REFTABLE_ALLOC_GROW overwrites both the original pointer and
the allocation count variable in that case, simultaneously leaking the
original allocation and misrepresenting the number of storable items.
parse_names() and reftable_buf_add() avoid leaking by restoring the
original pointer value on failure, but all other callers seem to be OK
with losing the old allocation. Add a new variant of the macro,
REFTABLE_ALLOC_GROW_OR_NULL, which plugs the leak and zeros the
allocation counter. Use it for those callers.
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 24027256aa9614a445563707a72af7ce5ff49b5b
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 27 12:25:30 2024 -0800
sign-compare: avoid comparing ptrdiff with an int/unsigned
Instead, offset the base pointer with integer and compare it with
the other pointer.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 5e7fe8a7b89a07d8c3ab298ac69bc33f6ba88b47
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:29 2024 +0100
commit-reach: use `size_t` to track indices when computing merge bases
The functions `repo_get_merge_bases_many()` and friends accepts an array
of commits as well as a parameter that indicates how large that array
is. This parameter is using a signed integer, which leads to a couple of
warnings with -Wsign-compare.
Refactor the code to use `size_t` to track indices instead and adapt
callers accordingly. While most callers are trivial, there are two
callers that require a bit more scrutiny:
- builtin/merge-base.c:show_merge_base() subtracts `1` from the
`rev_nr` before calling `repo_get_merge_bases_many_dirty()`, so if
the variable was `0` it would wrap. This code is fine though because
its only caller will execute that code only when `argc >= 2`, and it
follows that `rev_nr >= 2`, as well.
- bisect.ccheck_merge_bases() similarly subtracts `1` from `rev_nr`.
Again, there is only a single caller that populates `rev_nr` with
`good_revs.nr`. And because a bisection always requires at least one
good revision it follws that `rev_nr >= 1`.
Mark the file as -Wsign-compare-clean.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 455ac07021d4feede4f5b7e39bf00dc186ce3c09
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:28 2024 +0100
shallow: fix -Wsign-compare warnings
Fix a couple of -Wsign-compare issues in "shallow.c" and mark the file
as -Wsign-compare-clean. This change prepares the code for a refactoring
of `repo_in_merge_bases_many()`, which will be adapted to accept the
number of commits as `size_t` instead of `int`.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 1ab5948141e62b52bcb812b04a901b3efaf1b578
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:27 2024 +0100
builtin/log: fix remaining -Wsign-compare warnings
Fix remaining -Wsign-compare warnings in "builtin/log.c" and mark the
file as -Wsign-compare-clean. While most of the fixes are obvious, one
fix requires us to use `cast_size_t_to_int()`, which will cause us to
die in case the `size_t` cannot be represented as `int`. This should be
fine though, as the data would typically be set either via a config key
or via the command line, neither of which should ever exceed a couple of
kilobytes of data.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 0905ed201a87bc97dc4d47c0cb8fd65316f33269
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:26 2024 +0100
builtin/log: use `size_t` to track indices
Similar as with the preceding commit, adapt "builtin/log.c" so that it
tracks array indices via `size_t` instead of using signed integers. This
fixes a couple of -Wsign-compare warnings and prepares the code for
a similar refactoring of `repo_get_merge_bases_many()` in a subsequent
commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 85ee0680e2d5d667919e06394ca7622f09652310
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:25 2024 +0100
commit-reach: use `size_t` to track indices in `get_reachable_subset()`
Similar as with the preceding commit, adapt `get_reachable_subset()` so
that it tracks array indices via `size_t` instead of using signed
integers to fix a couple of -Wsign-compare warnings. Adapt callers
accordingly.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 45843d8f4eb2bbfc73cc361ba9d612d088dc8a4f
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:24 2024 +0100
commit-reach: use `size_t` to track indices in `remove_redundant()`
The function `remove_redundant()` gets as input an array of commits as
well as the size of that array and then drops redundant commits from
that array. It then returns either `-1` in case an error occurred, or
the new number of items in the array.
The function receives and returns these sizes with a signed integer,
which causes several warnings with -Wsign-compare. Fix this issue by
consistently using `size_t` to track array indices and splitting up
the returned value into a returned error code and a separate out pointer
for the new computed size.
Note that `get_merge_bases_many()` and related functions still track
array sizes as a signed integer. This will be fixed in a subsequent
commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 04aeeeaab1f02213703c4e1997b2c2f1ca0f8f96
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:23 2024 +0100
commit-reach: fix type of `min_commit_date`
The `can_all_from_reach_with_flag()` function accepts a parameter that
allows callers to cut off traversal at a specified commit date. This
parameter is of type `time_t`, which is a signed type, while we end up
comparing it to a commit's `date` field, which is of the unsigned type
`timestamp_t`.
Fix the parameter to be of type `timestamp_t`. There is only a single
caller in "upload-pack.c" that sets this parameter, and that caller
knows to pass in a `timestamp_t` already.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 95c09e4d07492fa9e4ad951a268b4ea6bae69038
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:22 2024 +0100
commit-reach: fix index used to loop through unsigned integer
In 62e745ced2 (prio-queue: use size_t rather than int for size,
2024-12-20), we refactored `struct prio_queue` to track the number of
contained entries via a `size_t`. While the refactoring adapted one of
the users of that variable, it forgot to also adapt "commit-reach.c"
accordingly. This was missed because that file has -Wsign-conversion
disabled.
Fix the issue by using a `size_t` to iterate through entries.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit 44945dfe867e56aab1685a0f371665273291a2af
Author: Patrick Steinhardt <ps@pks.im>
Date: Fri Dec 27 11:46:21 2024 +0100
prio-queue: fix type of `insertion_ctr`
In 62e745ced2 (prio-queue: use size_t rather than int for size,
2024-12-20), we have converted `struct prio_queue` to use `size_t` to
track the number of entries in the queue as well as the allocated size
of the underlying array. There is one more counter though, namely the
insertion counter, that is still using an `unsigned` instead of a
`size_t`. This is unlikely to ever be a problem, but it makes one wonder
why some indices use `size_t` while others use `unsigned`. Furthermore,
the mentioned commit stated the intent to also adapt these variables,
but seemingly forgot to do so.
Fix the issue by converting those counters to use `size_t`, as well.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit b6c66824c156363e934b3d989fb123efb1a9c63d
Merge: 10b9e8227b 76cf4f61c8
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 26 08:20:36 2024 -0800
Sync with 'master'
commit 10b9e8227ba16077c96bdf1bca1d6d65e9eb7929
Merge: 73897bcc72 b59358100c
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 26 08:20:27 2024 -0800
Merge branch 'as/gitk-git-gui-repo-update' into next
* as/gitk-git-gui-repo-update:
Update the official repo of gitk
commit 73897bcc729bd26ea18552b27e1ed5ffad93a951
Merge: b75456bef5 f2cfb42f22
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 23 09:47:00 2024 -0800
Sync with Git 2.48-rc1
commit f2cfb42f2267455c78077bd5f34518da5af5177c
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 23 08:45:57 2024 -0800
Git 2.48-rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
commit b75456bef504fb429f0b9b9fa9b38add829b9bb4
Merge: 7a2aad750e 8ddcdc1bb3
Author: Junio C Hamano <gitster@pobox.com>
Date: Sun Dec 22 13:19:58 2024 -0800
Merge branch 'kn/reflog-migration' into next
"git refs migrate" learned to also migrate the reflog data across
backends.
* kn/reflog-migration:
refs: mark invalid refname message for translation
commit 7a2aad750eb5f505ce454c13cdd4c0e7091162f6
Author: Junio C Hamano <gitster@pobox.com>
Date: Sun Dec 22 13:19:53 2024 -0800
Merge branch 'ma/asciidoctor-build-fixes' into next
A topic to optionally build with meson, which has graduated to
'master' recently, broke Documentation pipeline with asciidoctor
for the normal Makefile build as well as meson-based one, which
have been corrected.
* ma/asciidoctor-build-fixes:
asciidoctor-extensions.rb.in: inject GIT_DATE
asciidoctor-extensions.rb.in: add missing word
asciidoctor-extensions.rb.in: delete existing <refmiscinfo/>
commit cd4f5e4e27c6e95e69cb32ebd2b1ef07380f68bb
Author: Kyle Lippincott <spectral@google.com>
Date: Fri Dec 13 16:18:06 2024 -0800
debian: new "next" snapshot
Change-Id: I9affd9ae4a6a200de561f23667ea8a3fbcfd590c
Signed-off-by: Kyle Lippincott <spectral@google.com>
commit d60db8c4224c76f564633b783dabc09b58ffaf5e
Merge: 290842a30d 23fc6f90ad
Author: Kyle Lippincott <spectral@google.com>
Date: Fri Dec 13 16:17:11 2024 -0800
Merge branch 'next' into debian-experimental
Change-Id: If1bd5f8e274d52c43b75a17fce2aeb592fd44820
Signed-off-by: Kyle Lippincott <spectral@google.com>
commit 23fc6f90ad82d0b443ab97c4d687814594dfbe51
Merge: 7f4ebe0be3 2ccc89b0c1
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 13 07:40:48 2024 -0800
Sync with 'master'
commit 7f4ebe0be3aedee5adc01cb4694319e8adee7835
Merge: 9f49e6f9dd dd1072dfa8
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 13 07:40:26 2024 -0800
Merge branch 'tc/bundle-with-tag-remove-workaround' into next
"git bundle create" with an annotated tag on the positive end of
the revision range had a workaround code for older limitation in
the revision walker, which has become unnecessary.
* tc/bundle-with-tag-remove-workaround:
bundle: remove unneeded code
commit 9f49e6f9ddc2c559b792c134a21cdc651eb4810f
Merge: 90156d79ed 8525e92886
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 13 07:40:24 2024 -0800
Merge branch 'mh/doc-windows-home-env' into next
Doc update.
* mh/doc-windows-home-env:
Document HOME environment variable
commit 90156d79ed144b53ae1d9d852a4f350997875413
Merge: 478444359e f94bfa1516
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 13 07:40:23 2024 -0800
Merge branch 'js/log-remerge-keep-ancestry' into next
"git log -p --remerge-diff --reverse" was completely broken.
* js/log-remerge-keep-ancestry:
log: --remerge-diff needs to keep around commit parents
commit 478444359e6d809f5afb24e9832ef7132ff7d858
Merge: f74b3f243a 6c915c3f85
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 13 07:40:21 2024 -0800
Merge branch 'jc/set-head-symref-fix' into next
"git fetch" from a configured remote learned to update a missing
remote-tracking HEAD but it asked the remote about their HEAD even
when it did not need to, which has been corrected. Incidentally,
this also corrects "git fetch --tags $URL" which was broken by the
new feature in an unspecified way.
* jc/set-head-symref-fix:
fetch: do not ask for HEAD unnecessarily
commit f74b3f243a33d7963d06298c0bdf84cc5f3ff26b
Merge: cb270b3dea caacdb5dfd
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 11:05:04 2024 +0900
Sync with 'master'
commit cb270b3dea5e893dde588bb4aca6cc8268632211
Merge: 5a408010e9 904339edbd
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 11:04:34 2024 +0900
Merge branch 'ps/build' into next
Build procedure update plus introduction of Mason based builds
* ps/build: (24 commits)
Introduce support for the Meson build system
Documentation: add comparison of build systems
t: allow overriding build dir
t: better support for out-of-tree builds
Documentation: extract script to generate a list of mergetools
Documentation: teach "cmd-list.perl" about out-of-tree builds
Documentation: allow sourcing generated includes from separate dir
Makefile: simplify building of templates
Makefile: write absolute program path into bin-wrappers
Makefile: allow "bin-wrappers/" directory to exist
Makefile: refactor generators to be PWD-independent
Makefile: extract script to generate gitweb.js
Makefile: extract script to generate gitweb.cgi
Makefile: extract script to massage Python scripts
Makefile: extract script to massage Shell scripts
Makefile: use "generate-perl.sh" to massage Perl library
Makefile: extract script to massage Perl scripts
Makefile: consistently use PERL_PATH
Makefile: generate doc versions via GIT-VERSION-GEN
Makefile: generate "git.rc" via GIT-VERSION-GEN
...
commit 5a408010e9892d7f0e882f250db50c726b5fd5d1
Merge: da3d13a723 1a14c857db
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:53 2024 +0900
Merge branch 'jt/fix-fattening-promisor-fetch' into next
Fix performance regression of a recent "fatten promisor pack with
local objects" protection against an unwanted gc.
* jt/fix-fattening-promisor-fetch:
index-pack --promisor: also check commits' trees
index-pack --promisor: don't check blobs
index-pack --promisor: dedup before checking links
commit da3d13a72386b80440637269de1b79ab6bc1beab
Merge: ddbfd8883a 0ff919e87a
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:52 2024 +0900
Merge branch 'ps/commit-with-message-syntax-fix' into next
The syntax ":/<text>" to name the latest commit with the matching
text was broken with a recent change, which has been corrected.
* ps/commit-with-message-syntax-fix:
object-name: fix reversed ordering with ":/<text>" revisions
commit ddbfd8883aa2c6c1ad649ff96b0e47f45d597d9d
Merge: 509db1dc1a 14ef8c04c5
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:51 2024 +0900
Merge branch 'rj/strvec-splice-fix' into next
Correct strvec_splice() that misbehaved when the strvec is empty.
* rj/strvec-splice-fix:
strvec: `strvec_splice()` to a statically initialized vector
commit 509db1dc1ad901c9dea9d5d96cec3d6b4926a495
Merge: a20c319038 db162862b3
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:49 2024 +0900
Merge branch 'jk/describe-perf' into next
"git describe" optimization.
* jk/describe-perf:
describe: split "found all tags" and max_candidates logic
commit a20c319038ee49e98bf23fbf12c947c8fce0ff4e
Merge: 900cadd7b7 6c397d0104
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:48 2024 +0900
Merge branch 'bf/explicit-config-set-in-advice-messages' into next
The advice messages now tell the newer 'git config set' command to
set the advice.token configuration variable to squelch a message.
* bf/explicit-config-set-in-advice-messages:
advice: suggest using subcommand "git config set"
commit 900cadd7b72d84a5a67e8c1568033a17371b3673
Merge: adea88989e 012bc566ba
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:47 2024 +0900
Merge branch 'bf/fetch-set-head-config' into next
"git fetch" honors "remote.<remote>.followRemoteHEAD" settings to
tweak the remote-tracking HEAD in "refs/remotes/<remote>/HEAD".
* bf/fetch-set-head-config:
remote set-head: set followRemoteHEAD to "warn" if "always"
fetch set_head: add warn-if-not-$branch option
fetch set_head: move warn advice into advise_if_enabled
commit adea88989e29cd8f8c0679df28c5362a4e8fee3a
Merge: c27f4b7a9f bbd445d5ef
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 11 08:27:45 2024 +0900
Merge branch 'jc/forbid-head-as-tagname' into next
"git tag" has been taught to refuse to create refs/tags/HEAD
as such a tag will be confusing in the context of UI provided by
the Git Porcelain commands.
* jc/forbid-head-as-tagname:
tag: "git tag" refuses to use HEAD as a tagname
t5604: do not expect that HEAD can be a valid tagname
refs: drop strbuf_ prefix from helpers
refs: move ref name helpers around
commit 290842a30d20f25160b7a4bcb9d1560eedf49b2d
Author: Josh Steadmon <steadmon@google.com>
Date: Fri Dec 6 11:05:41 2024 -0800
debian: new "next" snapshot
Change-Id: If7ed2b93b8f1d048b94c2f8cbec45c533da47e19
Signed-off-by: Josh Steadmon <steadmon@google.com>
commit 0f2e17238f821951496507ae05419ed9a611340d
Merge: e1b0d542d5 c27f4b7a9f
Author: Josh Steadmon <steadmon@google.com>
Date: Fri Dec 6 11:05:06 2024 -0800
Merge branch 'next' into debian-experimental
Change-Id: I56506d916df42ce6b5ddd227a108a3ad6a4daa02
Signed-off-by: Josh Steadmon <steadmon@google.com>
commit c27f4b7a9fc45cdb75b4a22d3d3e0e7ac90f80b2
Merge: 36d6c51c96 e66fd72e97
Author: Junio C Hamano <gitster@pobox.com>
Date: Fri Dec 6 13:55:12 2024 +0900
Sync with 'master'
commit 36d6c51c96fefe65c971171d1f3dcaf5b599e135
Merge: e48a185ed0 bc1a980759
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 5 19:44:41 2024 +0900
Merge branch 'kk/doc-ancestry-path' into next
The --ancestry-path option is designed to be given a commit that is
on the path, which was not documented, which has been corrected.
* kk/doc-ancestry-path:
doc: mention rev-list --ancestry-path restrictions
commit e48a185ed0857bcb18d66c23700fce6957004dab
Merge: 7bd98d132c 24d3dd79e4
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 5 19:44:40 2024 +0900
Merge branch 'kn/midx-wo-the-repository' into next
Yet another "pass the repository through the callchain" topic.
* kn/midx-wo-the-repository:
midx: inline the `MIDX_MIN_SIZE` definition
midx: pass down `hash_algo` to functions using global variables
midx: pass `repository` to `load_multi_pack_index`
midx: cleanup internal usage of `the_repository` and `the_hash_algo`
midx-write: pass down repository to `write_midx_file[_only]`
write-midx: add repository field to `write_midx_context`
midx-write: use `revs->repo` inside `read_refs_snapshot`
midx-write: pass down repository to static functions
packfile.c: remove unnecessary prepare_packed_git() call
midx: add repository to `multi_pack_index` struct
config: make `packed_git_(limit|window_size)` non-global variables
config: make `delta_base_cache_limit` a non-global variable
packfile: pass down repository to `for_each_packed_object`
packfile: pass down repository to `has_object[_kept]_pack`
packfile: pass down repository to `odb_pack_name`
packfile: pass `repository` to static function in the file
packfile: use `repository` from `packed_git` directly
packfile: add repository to struct `packed_git`
commit 7bd98d132c3444ba3b0aa4d3e4562ffd9a0ef595
Merge: 1f973aece2 2037ca85ad
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 5 19:44:38 2024 +0900
Merge branch 'cw/worktree-extension' into next
Introduce a new repository extension to prevent older Git versions
from mis-interpreting worktrees created with relative paths.
* cw/worktree-extension:
worktree: refactor `repair_worktree_after_gitdir_move()`
worktree: add relative cli/config options to `repair` command
worktree: add relative cli/config options to `move` command
worktree: add relative cli/config options to `add` command
worktree: add `write_worktree_linking_files()` function
worktree: refactor infer_backlink return
worktree: add `relativeWorktrees` extension
setup: correctly reinitialize repository version
commit 1f973aece2a77b163cbd46468da581a8aed6e79f
Merge: bbdd9b9659 751d063f27
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 5 19:44:37 2024 +0900
Merge branch 'es/oss-fuzz' into next
Backport oss-fuzz tests for us to our codebase.
* es/oss-fuzz:
fuzz: port fuzz-url-decode-mem from OSS-Fuzz
fuzz: port fuzz-parse-attr-line from OSS-Fuzz
fuzz: port fuzz-credential-from-url-gently from OSS-Fuzz
commit bbdd9b96595edccd1f3101a53df15daaef3bbc7d
Merge: a4f8a86955 8cb4c6e62f
Author: Junio C Hamano <gitster@pobox.com>
Date: Thu Dec 5 19:44:36 2024 +0900
Merge branch 'en/fast-import-verify-path' into next
"git fast-import" learned to reject paths with ".." and "." as
their components to avoid creating invalid tree objects.
* en/fast-import-verify-path:
t9300: test verification of renamed paths
commit a4f8a869558d59677e8d9798666a23391f0b4ca8
Merge: 9905f16afc 23692e08c6
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 4 10:49:03 2024 +0900
Sync with 'master'
commit 9905f16afc164c013d3239ef2253e9f68f0b5088
Merge: 5da441ce36 e2f5d3b491
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 4 10:48:35 2024 +0900
Merge branch 'kh/doc-update-ref-grammofix' into next
Grammofix.
* kh/doc-update-ref-grammofix:
Documentation/git-update-ref.txt: add missing word
commit 5da441ce36ee0134efc07359fbfd96373ef299b9
Merge: 2d19ff44e5 18693d7d65
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 4 10:48:34 2024 +0900
Merge branch 'kh/doc-bundle-typofix' into next
Typofix.
* kh/doc-bundle-typofix:
Documentation/git-bundle.txt: fix word join typo
commit 2d19ff44e5a547c3281eb301851cea9d3318ffaa
Merge: bfd07a8936 168ebb7159
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 4 10:48:33 2024 +0900
Merge branch 'jc/doc-error-message-guidelines' into next
Developer documentation update.
* jc/doc-error-message-guidelines:
CodingGuidelines: a handful of error message guidelines
commit bfd07a8936ba5674d99e4bd3c622fd3c62178dbb
Merge: 69bfc59fb5 baa159137b
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 4 10:48:32 2024 +0900
Merge branch 'jt/bundle-fsck' into next
"git bundle --unbundle" and "git clone" running on a bundle file
both learned to trigger fsck over the new objects with configurable
fck check levels.
* jt/bundle-fsck:
transport: propagate fsck configuration during bundle fetch
fetch-pack: split out fsck config parsing
bundle: support fsck message configuration
bundle: add bundle verification options type
commit 69bfc59fb52f2b688a4dbf11d7a17eddac189d8b
Merge: 3c1d2e2a6a b7f7d16562
Author: Junio C Hamano <gitster@pobox.com>
Date: Wed Dec 4 10:48:30 2024 +0900
Merge branch 'bf/fetch-set-head-config' (early part) into next
* 'bf/fetch-set-head-config' (early part):
fetch: add configuration for set_head behaviour
commit e1b0d542d5bd2854e526e1050f080976cb59a658
Author: Jonathan Tan <jonathantanmy@google.com>
Date: Mon Dec 2 12:27:43 2024 -0800
debian: new "next" snapshot
Change-Id: Ibcb2aa021303c3cb3770d1400a28eeda901de5ea
Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
commit 98b592e6072a0985b298fbd946f336463f22f279
Merge: 37641ecce1 3c1d2e2a6a
Author: Jonathan Tan <jonathantanmy@google.com>
Date: Mon Dec 2 12:26:34 2024 -0800
Merge branch 'next' into debian-experimental
Change-Id: I4e16f8e37004bf3593a698bfcca46751aee9e0fd
Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
commit 3c1d2e2a6a4cf624a0e213880d579d03ad3e60cc
Merge: e105e787b6 7cf65e2660
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 2 11:38:34 2024 +0900
Merge branch 'ps/reftable-iterator-reuse' into next
Optimize reading random references out of the reftable backend by
allowing reuse of iterator objects.
* ps/reftable-iterator-reuse:
refs/reftable: reuse iterators when reading refs
reftable/merged: drain priority queue on reseek
reftable/stack: add mechanism to notify callers on reload
refs/reftable: refactor reflog expiry to use reftable backend
refs/reftable: refactor reading symbolic refs to use reftable backend
refs/reftable: read references via `struct reftable_backend`
refs/reftable: figure out hash via `reftable_stack`
reftable/stack: add accessor for the hash ID
refs/reftable: handle reloading stacks in the reftable backend
refs/reftable: encapsulate reftable stack
commit e105e787b6a81587bca1b073c6a198111e41b970
Merge: b142ff3d8e 988e7f5e95
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 2 11:38:33 2024 +0900
Merge branch 'ps/reftable-detach' into next
Isolates the reftable subsystem from the rest of Git's codebase by
using fewer pieces of Git's infrastructure.
* ps/reftable-detach:
reftable/system: provide thin wrapper for lockfile subsystem
reftable/stack: drop only use of `get_locked_file_path()`
reftable/system: provide thin wrapper for tempfile subsystem
reftable/stack: stop using `fsync_component()` directly
reftable/system: stop depending on "hash.h"
reftable: explicitly handle hash format IDs
reftable/system: move "dir.h" to its only user
commit b142ff3d8e1ce7d606bdc43cf1a848edd57c3379
Merge: bf711f018c b1b713f722
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 2 11:38:32 2024 +0900
Merge branch 'bf/set-head-symref' into next
When "git fetch $remote" notices that refs/remotes/$remote/HEAD is
missing and discovers what branch the other side points with its
HEAD, refs/remotes/$remote/HEAD is updated to point to it.
* bf/set-head-symref:
fetch set_head: handle mirrored bare repositories
fetch: set remote/HEAD if it does not exist
refs: add create_only option to refs_update_symref_extended
refs: add TRANSACTION_CREATE_EXISTS error
remote set-head: better output for --auto
remote set-head: refactor for readability
refs: atomically record overwritten ref in update_symref
refs: standardize output of refs_read_symbolic_ref
t/t5505-remote: test failure of set-head
t/t5505-remote: set default branch to main
commit bf711f018ccdbf0e52ddaf8be6032d236c958318
Merge: 0f34109a85 0ffb5a6bf1
Author: Junio C Hamano <gitster@pobox.com>
Date: Mon Dec 2 11:38:30 2024 +0900
Merge branch 'bc/allow-upload-pack-from-other-people' into next
Loosen overly strict ownership check introduced in the recent past,
to keep the promise "cloning a suspicious repository is a safe
first step to inspect it".
* bc/allow-upload-pack-from-other-people:
Allow cloning from repositories owned by another user
![[bug history graph]](https://qa.debian.org/data/bts/graphs/g/git.png){kind=link}